My first published iPad app is now available on the App Store for free.

Almost a year ago, I met with Dr Grant Franklin of Raigmore Hospital in Inverness. We’d worked together before on a tablet PC program many moons ago. That project never got further than the pilot stage, but Dr Franklin was impressed enough with my work to ask me to collaborate on a new idea. His idea was to create a program which supported clinicians in diagnosing sepsis, then allow them to track the six steps taken to address the condition. At the time, I hadn’t heard of the concept of the Sepsis Six, but since then it has received considerable publicity, including a national BBC news broadcast (and website item). To quote Dr Franklin’s  guidance notes, “If we give 4 patients with septic shock antibiotics on arrival in hospital rather than 4 hours later, we will save at least one life”.

Using Dr Franklin’s diagrams and documentation as a guide, I put together an early version which showed some promise, so Dr Franklin sought and obtained some funding from NES. There then followed many months of redesign and refinement as Dr Franklin guided me through all the details of how the app should work. Here’s an outline of what it does:

  • Record some basic clerking information, such as the patient’s name and when they first started showing symptoms.
  • Calculate the SEWS and SIRS scores from observations and lab results. These scores help the clinician decide whether a patient has sepsis or not.
  • A full-screen countdown timer which counts down from 60 minutes, with a “race-track” displaying when the sepsis actions were taken. The idea is that this countdown timer can be displayed on the “sepsis trolley” on the ward. (The trolley holds all the equipment required to carry out the Sepsis Six.)

We agreed right from the outset that the app should be free, and so it is. I’m really proud of the quality of my work on this app. It’s my great hope that it also proves useful to clinicians.

Hundreds of hours of work went into creating the app over the past 11 months. I’m grateful to my wife for her encouragement, design ideas and especially her tolerance of the many weekends listening to me curse and tear out my hair in front of the computer. I also owe thanks to the following people for their help: NES for the funding which has allowed us to make it a free resource; Andy Walker for working out the trigonometry for me; Sue Cousins for the many hours of testing she put in; George Rendall for pointing out the deficiencies in the documentation and helping with the testing; my colleagues Tom and Derek at NHS Orkney for putting up with the frequent, over-enthusiastic demonstrations of new features; and my colleagues in NHS Highland who helped Dr Franklin get the beta versions of the app installed on his iPad; Dr Mulholland of NHS Lanarkshire for pushing me to find a better way of delivering beta test versions. (If you’re embarking on a beta test of your own, I highly recommend using Testflight from the start because it will save you a lot of grief.)

As with any software, this app is a work in progress. Please let us know how we can improve.

Yesterday I stopped using Google Reader, a couple of days ahead of Google shutting down the service. Like many other people, I’ve been very upset about the demise of Google Reader. Before Google Reader opened, I was happily paying a monthly sub to Newsgator for their superior RSS aggregation service. Once Google Reader appeared for free, Newsgator cancelled their service – Google effectively destroyed the market for RSS aggregation overnight. I was quite shocked when I discovered that Google Reader didn’t allow authenticated RSS subscriptions, as Newsgator had, but I learned to live with it. Now Google have killed Reader with only a few months’ warning and left us all in the lurch.

I’ve switched to Feedbin. I like the website design, the feeds seem to update quickly, and it syncs with my preferred client software (Reeder). I don’t grudge the $2/month fee at all. RSS aggregation is an essential part of my toolset: without it, I would not be able to do my job.

But now I’ve discovered another Google-related problem. I recently had to reset the content of my iPhone. When I recreated my Gmail account on the phone, I discovered that I could no longer set it up for push email. Worse still, I’m forced to use IMAP which doesn’t work over the firewall at the office. The reason is that Google no longer allow non-Google Apps accounts to use “Activesync” to synchronise content.

Now, I would happily pay the $5/month for Google Apps, purely in order to get my syncing back, but that is not possible either: when you setup a Google Apps account, you have to also create and use a new domain name. It is effectively a totally separate account. Google have made it impossible for me to buy syncing which will work with my existing account.

So I think I’m going to give up. I’ve been using Gmail since day one, and advocated it to all and sundry, but Google are making it impossible for me to continue using their service. The thought of having to change email address is terrifying – the account is linked to so many other things. But what else can I do? I need something that works quickly and works whether I’m in the office or at home.

The following quote from “The Healthcare IT guy” encapsulates a key feature which I have been lobbying for over the past 9 years (emphasis is mine):

Support for robust patient identification and de-duplication. When working in a multi-entity legal framework, there won’t be a single patient identifier to rule all the systems. Good data models allow an unlimited number of mappable identifiers for any entity—a primary key for internal consistency plus any number of external identifiers. Every Person record should allow an extensible set of identification values to use for both ID lookups and de-duplication requirements that crop up when integrating multiple systems.

After reading that, I felt like maybe I’m not so crazy after all.

The 10-year-old NHS Scotland SCI Store system actually implements many of the next-gen attributes which are mentioned in the article, including “person” & “organisation” models, simultaneous entity roles, and support for patient identification/de-duplication (although the latter has been somewhat diluted from the original vision which I suspect was much closer to that described above).

Here’s a good article about the decline of RSS. I think it is quite accurate albeit very disappointing. I think the author is quite correct that Google Reader has effectively killed RSS basically by being very good at it and thereby pushing out all the other players. It’s a huge problem for me because I encourage people to use newsfeeds to monitor stuff on our internal network, and of course Google Reader doesn’t work when the source is behind a corporate firewall. So we have to fall back on email once again, which is truly soul-destroying. Sooner or later surely the penny will drop in corporate culture and RSS (or something very similar) will be resurrected to help destroy email. At least, I hope so.

It’s also very distressing to see that my favourite newsfeed aggregator Newsgator has chosen to focus pretty much exclusively on customising Sharepoint, which is of no use to me whatsoever. But I guess they have no choice with Google Reader so predominant.

And yes, I too was very annoyed when Twitter and Facebook killed their RSS feeds! There are some Twitter users that you just want to read at leisure rather than it be part of your timeline – newsfeed subscription is a much better way to do that than Lists or extra accounts or whatever. RSS is a silo-busting technology, so I guess I shouldn’t be surprised that so many companies are happy to block it.


In case I forget, this is how to create serializable classes from a few inter-dependent XML schema files. First, put the xsd files in the C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bin folder (naughty, I know, but I couldn’t be bothered working with any path issues). Then run the following command, including the names of all the files:

xsd.exe general-v2-9.xsd SCIStoreGeneral-V7-1.xsd DocumentUpload-V7-1.xsd /c /l:c#

The output is as follows:

Writing file ‘C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bin\general-v2-9_SCIStoreGeneral-V7-1_DocumentUpload-V7-1.cs’.

So you get a C# class file which can be included in your project. Doubtless there are better ways of doing this, but it worked well enough for me.

I really enjoyed this article discussing the political philosophy of “app stores”: how can we reconcile the need to protect end-users from malware etc, while at the same time preserving our freedom in the face of aggressive policing from e.g. Apple or Amazon? It’s pretty clear that most people favour the walled garden of heavily-policed app stores, partly because it’s safer but mostly because it’s simpler. Equally clearly, it is not a good idea to hand over complete control of your computing devices to Apple (or whoever). I’ve no idea what the answer is to this dilemma, but the Ars Technica article posits some interesting solutions.

This is all over the internet of course. If you look past the more gossipy stuff about the various companies he’s worked for, there are two excellent points being made. Both those points have been hobby-horses of mine for at least 5 years.

First of all, “Accessibility has an evil twin” and it is Security (a great way to put it, and I intend to re-use that phrase in future). Many of the organisations that I deal with have security as their primary requirement, accessibility be damned. And that approach not only leads to unhappy staff/customers, it also means that the “official” route is never followed: users find their own way to do things which is pretty much guaranteed to be insecure and/or undermines data integrity.

Secondly, service-oriented architecture. I’ve been ranting about this ever since I joined the NHS in 2003. I think we are at last making progress in this area, and it will be interesting to see what happens over the next few years. It just seems so obvious and natural to me that everything should be served up as a service. The better the service APIs we offer to 3rd-party developers, the better/safer/more consistent our software will be. I guess it’s similar to the accessibility/security issue in that software engineers will find some (probably insecure/crappy) way around inadequacies in the service APIs, so those APIs really have to be better than “dogfood”.

I’ve been involved in a recent NHS Orkney project to replace printed materials in Board meetings. The project has received a fair amount of attention in the press. As a result, we’ve had lots of enquiries from other organisations about the details of the project. I put together a handout which tries to cover all the questions we’ve received so far. My boss has kindly agreed to let me host a version of the handout here on my blog. Doubtless there are ways we could improve on what we’ve done – I’d love to hear any suggestions via the comments:

Aim of the project – Paper-light meetings of the NHSO Board in order to make significant cost savings on printing, binding, etc.

Why iPads? – The other options we looked at were laptops or Kindles. The Kindle was not a viable option because it has no encryption or enterprise wifi. Laptops were not desirable because limited battery life meant all members of the Board would have to be plugged in to mains power for most of the Board meetings. In addition, our experience with iPhones led us to believe that iPads would require less IT support than laptops, further lowering the cost of ownership. Purchase price of laptops and iPads were similar. (For more info, see Benefits below.)

Device management – This can be done using the iPhone Configuration Utility. It doesn’t offer the same degree of device-lockdown which (for example) Blackberry offers, but it does allow you to configure all the necessary settings with a few clicks of the mouse, or even by sending the (encrypted) configuration file to the iPad via email. We use this to configure wifi, certificates, VPN and NHS Mail. Our goal was not to restrict what a Board member could do with their iPad, but to make it easy to set up and use securely. Security: configuration files are encrypted for each individual user/device and password protected. [UPDATED: Definitely worth taking a look at the new OS X Lion Server product. It has much better configuration, webdav file sharing and integrates with Active Directory. Unfortunately, you need a Mac computer to run it, so I doubt I’ll be getting a Lion Server anytime soon.]

Wifi – We have an enterprise wireless solution which was created as part of a previous project. It uses a combination of user/device certificates, WPA2/AES encryption, 802.1x authentication to a Microsoft IAS server on the backend. Unfortunately, the wireless only really covers the meeting rooms plus some of the wards, and all access points have to be configured individually – we hope to sort this out with a more comprehensive solution in the future. We bought the wifi+3G version of the iPad, but the Board Members have to buy their own SIM card if they want to use the 3G connection. [I don’t think anyone has bought a SIM card as yet.] Security: I don’t know of any potential security exploits for this type of wi-fi network.

Documents – The main purpose of our iPad project is to deliver the NHS Orkney Board papers to the Board Members. This is achieved by using our in-house website as a WebDAV store for documents. [We’ve had a blog/wiki product called Traction Teampage for the past four years – it allows everyone to do their own content management without the need for IT or a website editor. It also works as a webdav server.] The Board administrative support staff create a separate WebDAV folder for each of the Board members and populate it with the relevant PDFs. The GoodReader app on the iPad is used to synchronise the content of each Board member’s WebDAV folder to their iPad. They can create an annotated copy of each (PDF) document, and when they next sync to the WebDAV folder, the annotated copies are backed up at the same time that any new/updated files are downloaded. The GoodReader app is an excellent piece of software, with great flexibility in annotating and navigating documents. Security: The files stored on the website are only accessible to the Board. GoodReader encrypts the files stored on the device while is passcode-protected, see this link for more detail. Passcodes are enforced by NHS Mail mobile device policy. (I can’t link to the policy document as it doesn’t seem to be accessible outside of the NHS Mail web app.)

VPN – Getting the Board papers from our internal WebDAV server requires that each Board Member can connect over VPN. The iPads have been setup to use the N3 VPN.

Syncing with iTunes – This is one of the bits which is not quite right yet. Currently, you have to sync with iTunes on a desktop computer to backup, add photos, add music etc. Our Board Members do this (if at all) on their home PCs as they don’t have machines here in the hospital. I can’t offer them any support for the equipment they use at home, of course, so it’s not ideal. Security: NHS Mail mobile device policy enforces encrypted backup in iTunes.

App distribution – Another problem was how to give the GoodReader app to each of the Board Members. We wanted to let them have their own Apple Store ID, so that they could buy their own apps. In the end, we had to help each person get an Apple ID set up, then email them the GoodReader app as a gift. The next version of iOS includes the facility to make bulk purchases of apps and send them out to employees.

NHS Mail – All Board members get their iPads with their NHS Mail account already setup. The reason is not simply that we want to encourage use of NHS Mail, but also to enforce a range of security features, including passcode lock and encrypted storage. I frequently get asked about the perceived poor security of the iPad/iPhone in comparison to the Blackberry. This may have been true a couple of years ago, but it’s simply not the case anymore. See this link for example. I suspect that people often confuse security (i.e. unauthorised access to data on the device) with control (i.e. stopping people being able to do anything except work-mandated tasks with the device).  Security: As per the NHS Mail policy, all email, calendars, contacts downloaded from NHS Mail to the iPad are encrypted.

Rollout – We timed the rollout of the iPads so that the Board Members had the maximum time to get familiar with the devices before they used them in a full Board meeting. I did a 45 minute workshop where I demonstrated the basic use of the iPad, starting with how to use the cover, screen brightness, that sort of thing. There have also been quite a number of one-to-one sessions with individual Board members, and I make myself available for half an hour before each Board meeting to help in whatever way I can. The Board administrative support officers also help Board members when they get stuck, and there are a couple of the Board themselves who help other members. I must confess that I’ve been surprised at how quickly the iPads have been adopted, and by the relatively low number of problems/complaints. Almost all the problems we’ve had so far have been related to VPN/network/NHS Mail passwords, which is a perennial problem whatever system you are rolling out.

Board Papers – We are saving a lot of time by not having to print, bind and distribute papers.  We combine our documents for each meeting into one PDF file, with a table of contents which allows navigation to each agenda item.  The Board members are emailed to let them know that the papers are available in their folder on our WebDAV server, and they then sync their folder in GoodReader to pick up any documents which have been added.  We have put copies of all the meeting papers for the current year 2011 in their folders so that they have easy access and can refer back to previous reports if needed.

Benefits –The simplicity of the iPad pays off in that we get far fewer support calls than with laptops. The simplicity and consistency of the user-interface means that the less tech-savvy users are more open to using the iPad than a laptop, especially given the convenience of a portrait screen for reading documents. Battery life is far better than that of a laptop. One of the unforeseen benefits is that the Board Members use their NHS Mail email/calendars/contacts much more than before, which is of benefit to everyone involved e.g. for arranging meetings, improved email security, etc.

Having started using LINQ and Entity Framework, I was wondering whether I would be better off sticking with stored procs. Little did I know that this question has become a religious war. For example:

None of which helps me decide what to do…

This is a rough guide to installing a Windows CA certificate on your Android phone so that you can connect to an 802.1x secured wireless access point authenticated via IAS. I’m sure there are bits that could be clarified or expanded upon – please let me know via the comments.

  • Get a user certificate on your PC, then export using the Certificates snap-in module. Make sure you include the private key and all certificates in the path.
  • Rename the file to *.p12 and put it on the SD card.
  • In Android, go to Settings > Location & Security > Install from SD card. It should find the file and prompt you for the password you used to secure it when exporting. For the name of the certificate, use the user’s AD account name, e.g. david.rendall.
  • You will also be prompted to set a password for secure storage. This is equivalent to a password safe or the Mac OS keychain – you set a password on an encrypted store which applications can then request access to. You should use whatever password the end-user wants as they will have to use it in future.
  • Go back to top level of Settings and choose Wi-Fi Settings.
  • You should see one the access points listed (assuming you are in range). Tap on it and choose the following options: EAP method is TLS; Phase 2 authentication is None; CA Certificate and User certificate are both set to the certificate you installed above, which should be listed; identity is the user’s AD account name e.g. david.rendall. The other fields can be left blank.
  • It should be working now. I found that it doesn’t always connect automatically, I suspect because you have to put in the password to open the credential store. If this happens, you can still connect manually by going into Wi-Fi Settings, tap on the network you want and then press the Connect button. You may then be asked for your crential store password, but after entering the password you should be connected.

Update 2012-08-29:  Alternatively, you can specify separate certificates for the user and CA. First you need to create the user cert as above, but don’t include all certificates in the path. Then download the CA cert and rename the file .CRT. Copy both files to your SD card. In Android, go to Install from SD card and this time you will get a choice of two files to install. Install them both. Then connect to the wifi as above, but specify the CRT as the CA cert and the P12 as the user cert.

Update 2013-09-11: I now have an Android device which has a built-in SD card, but also an external SD card reader slot. I tried to install a certificate on this device from an external SD card, but it couldn’t find a certificate file.  This is because Android only looks at the internal SD card, not the second, external one. So you have to copy your certificate file from the external SD card to the root of the internal one. What a mess.

Update 2013-09-11: I’ve been unable to get devices with Android 4.1 – 4.2 working with EAP-TLS authentication for wifi. If you have better luck, please let me know how you did it! PEAP-MSCHAPv2 works OK.

@davidrendall on Twitter